Use-After-Free Vulnerability in Linux Kernel PCI/ASPM Management
CVE-2023-53446

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 18 September 2025

What is CVE-2023-53446?

A use-after-free vulnerability was identified in the Linux kernel's handling of PCI/ASPM. The 'downstream' pointer in struct pcie_link_state is retained after a function of a multifunction device is removed, so a later use of that pointer can dereference freed memory. This could cause unexpected behavior and crashes, compromising system stability. To mitigate the issue, the kernel disables ASPM and frees the pcie_link_state when a child function is removed, which prevents the dangling pointer and keeps the ASPM Control configuration consistent across the functions of a multifunction device.
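
The lifetime problem described above, as a small userspace C model added here (not kernel code and not taken from the advisory). `model_dev`, `model_link`, `model_slot` and every function name are hypothetical, and the model assumes `downstream` refers to function 0; a `live` flag stands in for freeing so the stale reference can be observed without touching freed memory.

```c
/* Userspace model only: a `live` flag stands in for kfree(), so a stale
 * pointer can be detected safely instead of being dereferenced. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_FN 8
enum aspm_result { ASPM_OK, ASPM_NO_LINK, ASPM_STALE };
struct model_dev  { int fn; bool live; bool aspm_enabled; };    /* stand-in for a PCI function */
struct model_link { struct model_dev *downstream; bool live; }; /* stand-in for pcie_link_state */
struct model_slot { struct model_dev fn[MAX_FN]; int nfn; struct model_link link; };

void slot_init(struct model_slot *s, int nfn)   /* nfn must be <= MAX_FN */
{
    s->nfn = nfn;
    for (int i = 0; i < nfn; i++)
        s->fn[i] = (struct model_dev){ .fn = i, .live = true, .aspm_enabled = true };
    /* Assumption of this model: downstream refers to function 0. */
    s->link = (struct model_link){ .downstream = &s->fn[0], .live = true };
}

/* Behaviour described as vulnerable: the function goes away, the link state stays. */
void remove_fn_unpatched(struct model_slot *s, int i) { s->fn[i].live = false; }

/* Behaviour described as the fix: removing any child function disables ASPM
 * on the functions and frees the link state before the function is released. */
void remove_fn_patched(struct model_slot *s, int i)
{
    if (s->link.live) {
        for (int k = 0; k < s->nfn; k++)
            s->fn[k].aspm_enabled = false;
        s->link = (struct model_link){ .downstream = NULL, .live = false };
    }
    s->fn[i].live = false;
}

/* A later ASPM operation that would follow link->downstream. */
enum aspm_result aspm_reconfigure(const struct model_slot *s)
{
    if (!s->link.live)
        return ASPM_NO_LINK;                    /* nothing left to dereference */
    return s->link.downstream->live ? ASPM_OK : ASPM_STALE;
}

int main(void)
{
    struct model_slot a, b;
    slot_init(&a, 2); remove_fn_unpatched(&a, 0);
    slot_init(&b, 2); remove_fn_patched(&b, 0);
    printf("unpatched=%d patched=%d\n", (int)aspm_reconfigure(&a), (int)aspm_reconfigure(&b));
}
```

`ASPM_STALE` marks the point where the real code would touch freed memory; in the patched path the link state is gone before any function is released, so that state is unreachable.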

Affected Version(s)

Linux b5a0a9b59c8185aebcd9a717e2e6258b58c72c06 < 666e7f9d60cee23077ea3e6331f6f8a19f7ea03f

Linux b5a0a9b59c8185aebcd9a717e2e6258b58c72c06 < 7badf4d6f49a358a01ab072bbff88d3ee886c33b

Linux b5a0a9b59c8185aebcd9a717e2e6258b58c72c06 < 9856c0de49052174ab474113f4ba40c02aaee086

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
